The opinion in support of the decision being entered today was not 
written for publication and is not binding precedent of the Board. 
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COURTENAY, Administrative Patent Judge. 

DECISION ON APPEAL 
This is a decision on appeal under 35 U.S.C. § 134(a) from the 
Examiner's rejection of claims 1-6, 8-14, 16-22, and 24. The Examiner has 
reconsidered and withdrawn the rejection of claims 7, 15, and 23 (Answer 
7). The Examiner has also reconsidered and withdrawn the rejection under 
35 U.S.C. § 1 12, first paragraph, of claims 6, 14, and 22 (Answer 3). With 
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respect to the rejection of dependent claim 1 1, the Examiner has indicated on 
page 1 1 of the Answer that the rejection of claim 1 1 has been reconsidered 
and withdrawn. However, on pages 4 and 6 of the Answer we find the 
Examiner nevertheless maintains a rejection for claim 1 1 as being 
unpatentable over Savill in view of Wu. In order to avoid unnecessary delay 
and expedite the prosecution of this appeal, we will consider claim 1 1 as 
standing rejected as set forth on pages 4 and 6 of the Answer. We note that 
Appellants address the Examiner's rejection of claims 1-24 in the Brief and 
there is no Reply Brief. 

THE INVENTION 
The disclosed invention relates generally to data processing systems, 
and more particularly, to user authentication and access in a data processing 
system (Specification 1). The disclosed invention provides a system and 
method for aggregating authenticated identities. A security context created 
in response to a first user logon is saved in response to a second logon. A 
composite or aggregate security context is created based on the identity 
passed in the second logon. Access may then be granted (or denied) based 
on the current, aggregated security context. Upon logout of the user based 
on the second identity, the aggregate security context is destroyed, and the 
security context reverts to the context previously saved. Alternatively, in 
another embodiment, all security contexts, including those on the stack, may 
be destroyed (Specification 8). 
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Independent claim 1 is illustrative: 

1 . An authentication method comprising the steps of: 

generating a first security context in response to a first user 
authentication; 

generating a second security context in response to a second user 
authentication, wherein said second security context is an aggregate of said 
first security context and a security context corresponding to an identity in 
said second user authentication. 

THE REFERENCES 
The Examiner relies upon the following references as evidence of 
unpatentability: 

Wu US 5,774,551 Jun. 30, 1998 

John Savill, "Where can I find a Unix SU (substitute user) like utility?" 
InstantDoc #15120, Dec. 10, 1999. 

THE REJECTION 
The following rejection is on appeal before us: 
1. Claims 1-6, 8-14, 16-22, and 24 stand rejected under 

35 U.S.C. § 103(a) as being unpatentable over the teachings of 

Savill in view of Wu. 

Rather than repeat the arguments of Appellants or the Examiner, we 
make reference to the Brief and the Answer for the respective details thereof. 

OPINION 

Only those arguments actually made by Appellants have been 
considered in this decision. It is our view, after consideration of the record 
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before us, that the evidence relied upon does not support the Examiner's 
rejection of the claims on appeal. Accordingly, we reverse. 

Independent claim 1 

We consider first the Examiner's rejection of independent claim 1 as 
being unpatentable over Savill in view of Wu. 

Appellants argue that Wu's stacking (i.e., aggregation) of 
authentication services is not done in response to a second user 
authentication, but rather is preexisting and independent of any actual user 
authentication action (emphasis in original). Appellants further argue that 
Wu expressly teaches away from a second user authentication, or of 
performing any action in response to such (missing) second user 
authentication, by its teaching of a unified single user logon. Appellants 
conclude that the Examiner has impermissibly relied upon hindsight in 
formulating the rejection (Br. 9). 

The Examiner disagrees. The Examiner argues that Wu's unified 
login does include the second user authentication because: (a), the first and 
the second user authentications in the authentication security system, as 
recited in the claim, are not limited to human entry (which is also consistent 
with the Specification at page 10, paragraph 2 and page 13, paragraph 4), 
and (b), Wu's unified login invokes multiple logical authentication services 
and associated security contexts (or credentials) that are dynamically built 
and aggregated during run-time. The Examiner argues that by using Wu's 
"stacking" authentication services (col. 6, 1. 65), the security contexts are 
aggregated depending upon which authentications are invoked and what 
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credentials are created during run-time. Therefore, the Examiner concludes 
that Wu does not teach away from a second user authentication by its 
teaching of a unified single user login (Answer 8-9). 

With respect to the issue of hindsight, the Examiner asserts that an 
artisan would have been motivated to modify Savill with the teachings of 
Wu by virtue of the nature of the problem to be solved. Specifically, the 
Examiner argues that Wu resolves the problem presented by Savill, i.e., how 
to avoid the need to log off an existing user account prior to logging on to a 
new user account (Savill, p. 1,1. 4). 

In rejecting claims under 35 U.S.C. § 103, it is incumbent upon the 
Examiner to establish a factual basis to support the legal conclusion of 
obviousness. See In re Fine, 837 F.2d 1071, 1073, 5 USPQ2d 1596, 1598 
(Fed. Cir. 1988). In so doing, the Examiner must make the factual 
determinations set forth in Graham v. John Deere Co., 383 U.S. 1, 17, 148 
USPQ 459, 467 (1966). "[T]he examiner bears the initial burden, on review 
of the prior art or on any other ground, of presenting a prima facie case of 
unpatentability." In re Oetiker, 977 F.2d 1443, 1445, 24 USPQ2d 1443, 
1444 (Fed. Cir. 1992). Furthermore, "'there must be some articulated 
reasoning with some rational underpinning to support the legal conclusion of 
obviousness' .... [H]owever, the analysis need not seek out precise 
teachings directed to the specific subject matter of the challenged claim, for 
a court can take account of the inferences and creative steps that a person of 
ordinary skill in the art would employ." KSR Int'l Co. v. Teleflex Inc., 127 
S. Ct. 1727, 82 USPQ2d 1385, 1396 (2007) (quoting In reKahn, 441 F.3d 
977, 988, 78 USPQ2d 1329, 1336 (Fed. Cir. 2006)). 
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We begin our analysis by broadly but reasonably construing the 

recited term "user authentication" in a manner consistent with the 

Specification (claim 1). See In re Hyatt, 211 F.3d 1367, 1372, 54 USPQ2d 

1664, 1667 (Fed. Cir. 2000) ("[D]uring examination proceedings, claims are 

given their broadest reasonable interpretation consistent with the 

specification."). When we look to the Specification for context, we agree 

with the Examiner that the claimed first and the second user authentications 

are not limited to authentication actually performed by human entry (i.e., 

performed by the user). Indeed, we find the Specification provides broad 

support for operations that require no action on the part of a human operator: 

Note that the invention may describe terms such as comparing, 
validating, selecting, identifying, or other terms that could be 
associated with a human operator. However, for at least a 
number of the operations described herein which form part of at 
least one of the embodiments, no action by a human operator is 
desirable. 

(Specification 10, 11. 10-13). 

In this way an authentication mechanism is implemented which 
permits a user to selectively authenticate without necessarily 
giving up already established access. (Note that a user need not 
refer to a "human" user but may, for example, include a proxy 
server running under a user's identity.) 
(Specification p. 13, 1. 21 - p. 14, 1. 1). 

We further agree with the Examiner that Wu teaches multiple logical 

authentication services that are aggregated (i.e., stacked) so as to permit a 

single unified login to access multiple authentication services, as follows: 

The ability to use multiple different ones of a given account 
management service is called "stacking, " and it is particularly 
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useful in conjunction with the authentication services. The 
configuration file 127 allows multiple authentication services 
109 to be stacked for authenticating a user, and further enables 
unified login to such stacked authentication services 109 with a 
single password, and unified logout with a single logout 
command [emphasis added]. 
(Wu, col. 6, 1. 63 - col. 7, 1. 4). 

Nevertheless, we note that Appellants specifically point out that Wu's 
stacking of authentication services is not done in response to a second user 
authentication {see Br. 9). Appellants further argue that Wu's stacking (i.e., 
aggregation) of authentication services is preexisting and independent of any 
actual user authentication action (id.). We find the issue before us presents a 
close question, given that the broad language of the claim does not require 
actual human authentication. Thus, we disagree with Appellants' sweeping 
assertion that Wu's stacking (i.e., aggregation) of authentication services is 
independent of any actual user authentication action, because user action by 
a human is not required when the language of the claim is accorded a broad 
but reasonable interpretation consistent with the Specification, as discussed 
supra (see Br. 9). However, after closely examining the Wu reference in its 
entirety, we nevertheless find clear support for Appellants' position that 
Wu's stacking (i.e., aggregation) of authentication services is preexisting 
(i.e., prestored). Specifically, we find Wu discloses that the stacking (i.e., 
aggregation) of service associations (i.e., authentication services) is stored in 
configuration file 127: 

Generally, the configuration file 127 stores a set of service 
associations. Each service association relates one system entry 
service 107 with one or more selected account management 
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services. The selected account management services may be of 
the same type, or from various types. The service associations 
form a decision table [see TABLE 1, col. 7] used by the 
pluggable account management interface 123 to determine 
which account management service is to be used [to] provide 
account management functionality in response to the use of a 
particular system entry service 107. 
(Wu, col. 7, 11. 5-14; see also TABLE 1, col. 7]. 

Therefore, we agree with Appellants that Wu's preexisting, stored 
service associations (i.e., authentication services) are not fairly generated 
(i.e., created) as a second security context in response to a second user 
authentication, wherein said second security context is an aggregate of said 
first security context and a security context corresponding to an identity in 
said second user authentication, as required by the language of independent 
claim 1 . 

With respect to Appellants' teaching away argument, we agree that 
Wu's primary purpose of providing a unified single user login does teach 
away from any requirement that a second user authentication be performed 
by a human user {see Wu, col. 3, 11. 14-17). At the same time, we agree with 
the Examiner that a broad but reasonable interpretation of the claim 
language does not require the user authentication to be performed by an 
actual human user, as discussed supra . 

However, we find Appellants' arguments persuasive with respect to 
the issue of hindsight. The Examiner asserts that the nature of the problem 
to be solved would have led an artisan, having knowledge of Savill, to look 
to Wu to solve the purported deficiencies of Savill (see Answer 9-10). The 
problem or deficiency that the Examiner raises is the need to avoid logging 
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out before logging on to another session (see Answer 10, 1). The 
Examiner asserts that Wu solves this problem (id.). When we look to the 
primary Savill reference, we find the single-page reference teaches a 
Microsoft Windows super-user (SU) utility that allows a system 
administrator to temporarily start applications running in the security context 
of a different account without having to first close all open applications and 
log off (Savill, U 1). Thus, we find the problem proffered by the Examiner is 
already solved by Savill. We note that the U.S. Supreme Court recently 
reaffirmed that "[a] factfinder should be aware, of course, of the distortion 
caused by hindsight bias and must be cautious of argument reliant upon ex 
post reasoning." KSRInt'l Co. v. Tele/lex Inc., 127 S. Ct. 1727, 82 USPQ2d 
at 1397. See also Graham v. John Deere Co., 383 U.S. at 36, 148 USPQ at 
474. Nevertheless, in KSR the Supreme Court also qualified the issue of 
hindsight by stating that "[r]igid preventative rules that deny factfinders 
recourse to common sense, however, are neither necessary under our case 
law nor consistent with it." KSR Int'l Co. v. Teleflex Inc., 127 S. Ct. 1727, 
82 USPQ2d at 1397. In the instant case, we conclude that a person of 
ordinary skill in the art having common sense at the time of the invention 
would not have reasonably looked to Wu to solve a problem already solved 
by Savill. Therefore, we agree with Appellants that the Examiner has 
impermissibly used the instant claims as a guide or roadmap in formulating 
the rejection. 

For at least the aforementioned reasons, we agree with Appellants that 
the Examiner has failed to meet the burden of presenting a prima facie case 
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of obviousness. Accordingly, we will reverse the Examiner's rejection of 
independent claim 1 as being unpatentable over Savill in view of Wu. 

Because independent claims 9 and 17 recite equivalent limitations, we 
will also reverse the Examiner's rejection of these claims as being 
unpatentable over Savill in view of Wu for the same reasons discussed supra 
with respect to claim 1. Because we have reversed the Examiner's rejection 
of each independent claim, we will not sustain the Examiner's rejection of 
any dependent claims under appeal. Therefore, we also reverse the 
Examiner's rejection of dependent claims 2-6, 8, 10-14, 16, 18-22 and 24 as 
being unpatentable over Savill in view of Wu. 

DECISION 

In summary, we will not sustain the Examiner's rejection of any 
claims under appeal. Therefore, the decision of the Examiner rejecting 
claims 1-6, 8-14, 16-22, and 24 is reversed. 

REVERSED 
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